Update plasmo + rework permissions + explain permissions in readme + lots of suffering

README.md

@@ -10,3 +10,19 @@ We use pnpm with the latest version of NodeJS.
 pnpm i
 pnpm dev
 ```
+
+## About permissions
+
+The extension uses the following base permission:
+ - `activeTab` - This only gives access to knowing what tab is currently active, in this case we use it for making the on/off button per site on the popout. **This does not allow us to know the content of the site active tab** and because of that, this is not something that is prompted or shown to users.
+ - `declarativeNetRequestWithHostAccess` - This allows us to do network request manipulation, but only for sites we have host access for. **This only gives us access after the user has had to accept permission prompt** and because of that, this is not something that is prompted or shown to users.
+ - `scripting` - This allows us to inject helper scripts, but only for sites we have host access for. **This only gives us access after the user has had to accept permission prompt** and because of that, this is not something that is prompted or shown to users.
+ - `storage` - We need to store which sites are enabled or disabled by the user. This poses no risks to users so this is not something that is prompted or shown to users.
+
+On top of this list, we get the ability to **request** access for the following origins:
+ - `https://*/*`
+ - `http://*/*`
+
+This means we can request permissions for all possible sites. This is only a prompt where the browser asks if the extension can access a site, this does not give us access without the user knowing.
+
+Once a user has requested to enable the extension for a site. It will inject a helper script so the site knows how to communicate with the extension. Then the extension will do the work that a normal site wouldn't be able to do (like making cross-origin requests or sending headers that are normally restricted). The helper script will be injected everytime they open that site.